On 6/4/10 9:23 AM, Justin Richer wrote:
>> We should solve one problem at a time. It's easy to layer structure
>> on top of an opaque blob in a separate spec.
>
> +1 to this. Token structure seems like a nice idea, but it's outside
> what should be dictated by the OAuth spec. We want people to be able to
> use OAuth to shuttle their existing tokens around, or create hexblobs
> that mean nothing to anyone else, or encode 37 fields in a structured
> format that's signed with a private key, or whatever else they want to
> do, and still have all of that be OAuth. If someone wants to say "we use
> OAuth and our tokens are UberTokens so they're compatible with everyone
> else", that's fine; but you should be fully able to do OAuth without
> adding *any* structure to your tokens whatsoever.

Agreed. And in true IETF fashion, I welcome those who care about this issue to write an Internet-Draft. :)

BTW, it's possible that you might glean some interesting ideas from a previous attempt to define an open token format (for cookies):

http://tools.ietf.org/html/draft-smith-opentoken-02

Peter

--
Peter Saint-Andre
https://stpeter.im/
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth